Check Point® Software Technologies Ltd.(link is external) announced that U.S. News & World Report has named the company among its 2025-2026 list of Best Companies to Work For(link is external).
Securing Containers vs. Securing VMs: 4 Key Differences
June 05, 2017
If you work in IT or software development, chances are you're familiar with container technology. Over the last few years, containerization has gained mainstream adoption and a recent 451 report(link is external) showed that 25 percent of companies are using the technology. Developers love using containers to build, run and ship applications in a flexible and simple way. However, the technology has received backlash for not being as secure as other (traditional) methods, such as Virtual Machines (VMs).
It's easy to bucket containers and VMs together as these technologies are both designed to provide an isolated environment in which to run an application. Therefore, they are often perceived to the public as competing, but in reality, they are complementary and completely different.
Securing containers and securing VMs requires a completely different process. Below are four key differences between securing containers versus securing VMs:
1. Many more entities
Statistics show, that containerized environments typically consist of roughly 1:8 VM to container ratio. While this isn't exact math, it correlates with a known difference between VMs and containers, which is the underlying architecture. With containers, there are multiple entities that make up an application. The applications can then be deconstructed into smaller components thus changing the way they are secured and managed in production.
2. Stateless and immutable
If you're wondering how to backup your container, the answer is simple — you can't. Data doesn't live in the container, instead, it's stored in a named volume that is shared between 1-N containers that the developer defines. Containers run in an immutable fashion, so once the developer backs up the data volume or deploys the container, they will then destroy it. The developer can then redeploy a new version of the image with the upgrade to the application.
This allows security teams to have a greater degree of automation and discover what the application should do, and how to build an application protection profile that's specifically tailored to that version of the app.
3. High rate of change, much more ephemeral
When DevOps teams work together within a containerized environment, build times are reduced from months to hours. Through this continuous integration, applications are constantly being altered and updated — sometimes multiple times a day. This rate of change is much faster than working in a VM environment — empiric data shows that a typical container churns 9 times faster than VMs.
What's even more impressive is that when used correctly with orchestrations, the typical lifetime of a container is less than one day. However, when there are frequent updates in a containerized environment, it can be difficult from a security standpoint to monitor each app iteration as closely as preferred. Therefore, it's critical for dev and security teams to work cohesively and set up proper tooling that will monitor the application lifecycle for any threats.
4. Security is largely in the hands of the developer
In a containerized environment, the developers and DevOps teams are mostly responsible for ensuring and maintaining a secure application. The developers determine how most of the application stack is configured, while the DevOps team is in charge of securing the delivery pipeline, staging, orchestration and the containers' host. Alternatively, in a VM environment, the process is simple and beyond the code, security is owned on a daily basis by the IT team.
4. Security is largely in the hands of the developer
In a containerized environment, the developers and DevOps teams are mostly responsible for ensuring and maintaining a secure application. The developers determine how most of the application stack is configured, while the DevOps team is in charge of securing the delivery pipeline, staging, orchestration and the containers' host. Alternatively, in a VM environment, the process is simple and beyond the code, security is owned on a daily basis by the IT team.
Ben Bernstein is CEO and Co-Founder of Twistlock.
Industry News
June 05, 2025
June 05, 2025
Postman announced new capabilities that make it dramatically easier to design, test, deploy, and monitor AI agents and the APIs they rely on.
June 05, 2025
Opsera announced the expansion of its partnership with Databricks.
June 04, 2025
Postman announced Agent Mode, an AI-native assistant that delivers real productivity gains across the entire API lifecycle.
June 04, 2025
Progress Software announced the Q2 2025 release of Progress® Telerik® and Progress® Kendo UI®, the .NET and JavaScript UI libraries for modern application development.
June 04, 2025
Voltage Park announced the launch of its managed Kubernetes service.
June 04, 2025
Cobalt announced a set of powerful product enhancements within the Cobalt Offensive Security Platform aimed at helping customers scale security testing with greater clarity, automation, and control.
June 03, 2025
LambdaTest announced its partnership with Assembla, a cloud-based platform for version control and project management.
June 03, 2025
Salt Security unveiled Salt Illuminate, a platform that redefines how organizations adopt API security.
June 03, 2025
Workday announced a new unified, AI developer toolset to bring the power of Workday Illuminate directly into the hands of customer and partner developers, enabling them to easily customize and connect AI apps and agents on the Workday platform.
June 02, 2025
Pegasystems introduced Pega Agentic Process Fabric™, a service that orchestrates all AI agents and systems across an open agentic network for more reliable and accurate automation.
June 02, 2025
Fivetran announced that its Connector SDK now supports custom connectors for any data source.
June 02, 2025
Copado announced that Copado Robotic Testing is available in AWS Marketplace, a digital catalog with thousands of software listings from independent software vendors that make it easy to find, test, buy, and deploy software that runs on Amazon Web Services (AWS).
May 29, 2025
Check Point® Software Technologies Ltd.(link is external) announced major advancements to its family of Quantum Force Security Gateways(link is external).
May 29, 2025
Sauce Labs announced the general availability of iOS 18 testing on its Virtual Device Cloud (VDC).
